1. Introduction to Computer
Security Syllabus
By Kenneth Ayebazibwe
kynaye@gmail.com
256774185458 / 256702555890
2. Course prerequisites or restrictive
statements:
• Basic knowledge on operating systems; C
programming skills
3. Student learning outcomes:
• By the end of this course, students will be able to:
– State the basic concepts in information security, including security
policies, security models, and security mechanisms.
– Explain concepts related to applied cryptography, including plain-text,
cipher-text, the four techniques for crypto-analysis, symmetric
cryptography, asymmetric cryptography, digital
– signature, message authentication code, hash functions, and modes of
encryption operations.
– Explain the concepts of malicious code, including virus, Trojan horse,
and worms.
– Explain common vulnerabilities in computer programs, including buffer
overflow
– vulnerabilities, time-of-check to time-of-use flaws, incomplete mediation.
– Outline the requirements and mechanisms for identification and
authentication
4. – Explain issues about password authentication, including dictionary attacks
(password guessing attacks), password management policies, and one-time
password mechanisms.
– Explain and compare security mechanisms for conventional operating systems,
including
– memory, time, file, object protection requirements and techniques and protection
in contemporary operating systems.
– Explain the requirements for trusted operating systems, and describe the
independent evaluation, including evaluation criteria and evaluation process.
– Describe security requirements for database security, and describe techniques for
ensuring database reliability and integrity, secrecy, inference control, and multi-
level databases.
– Describe threats to networks, and explain techniques for ensuring network
security, including encryption, authentication, firewalls, and intrusion detection.
– Explain the requirements and techniques for security management, including
security policies, risk analysis, and physical threats and controls.
5. Textbook:
• Charles P. Pfleeger and Shari L. Pfleeger.
Security in Computing (3 rd edition). Prentice-
Hall. 2003. ISBN: 0-13-035548-8.
6. Course Organization and Scope:
• (Assume each lecture takes 75 minutes. The
following topics need 28 lectures. These will be
adjusted based on the actual progress in a
semester.)
8. • T3. Program security (3 lectures)
– Flaws
– Malicious code: viruses, Trojan horses, worms
– Program flaws: buffer overflows, time-of-check to time-of-use flaws, incomplete mediation
– Defenses
– Software development controls
– Testing techniques
• T4. Security in conventional operating systems (4 lectures)
– Memory, time, file, object protection requirements and techniques
– Protection in contemporary operating systems
– Identification and authentication
– Identification goals
– Authentication requirements
– Human authentication
– Machine authentication
Mid-term Review: topics 1 – 4 (TEST)
9. • T5. Trusted operating systems (5 lectures)
– Assurance; trust
– Design principles
– Evaluation criteria
– Evaluation process
• T6. Database management systems security (6
lectures)
– Database integrity
– Database secrecy
– Inference control
– Multilevel databases
10. • Network security (7 lectures)
– Network threats: eavesdropping, spoofing,
modification, denial of service attacks
– Introduction to network security techniques:
firewalls, virtual private networks, intrusion
detection,
11. • T8. Management of security (8 lectures)
– o Security policies
– o Risk analysis
– o Physical threats and controls
• T9. Miscellaneous (9 lecture)
– o Legal aspects of security
– o Privacy and ethics
• Final review: topics 1 – 9 (1 lecture)
13. Projected schedule of homework due
dates, quizzes and exams:
• There will be one online / Facebook assignment
for each topic and there will be a midterm and a
final exam. The mid-term exam will be given
after topic 4. The final exam is scheduled by the
Institution.